openssl: add 1.1.1 support

nim-works · Jun 7, 2024 · 7996ea2 · 7996ea2
1 parent 3e9e7c7
commit 7996ea2
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -140,6 +140,7 @@ jobs:
         uses: johnwason/vcpkg-action@v6
         with:
           pkgs: >-
+            openssl
             pcre
             sqlite3
           triplet: x64-mingw-dynamic-release
@@ -243,12 +244,30 @@ jobs:
       - name: Add DLLs to PATH (Windows)
         if: runner.os == 'Windows'
         run: |
-          $binPath = Join-Path $PWD "vcpkg" "installed" "x64-mingw-dynamic-release" "bin"
+          $prefix = Join-Path $PWD "vcpkg" "installed" "x64-mingw-dynamic-release"
+
+          $binPath = Join-Path $prefix "bin"
           $binPath | Out-File -Append $env:GITHUB_PATH
+
+          $pcPath = (Join-Path $prefix "lib" "pkgconfig"), (Join-Path $prefix "share" "pkgconfig"), $env:PKG_CONFIG_PATH
+          "PKG_CONFIG_PATH=$($pcPath -join ";")" | Out-File -Append $env:GITHUB_ENV
         shell: pwsh
 
       - name: Run tester
-        run: ./koch.py test --batch:'${{ matrix.batch }}_${{ matrix.total_batch }}' --tryFailing all
+        run: |
+          extraArgs=()
+          if command -v pkg-config 2>&1 >/dev/null; then
+            extraArgs+=(
+              "-d:nimLibcryptoLinkFlags:$(pkg-config --libs libcrypto)"
+              "-d:nimLibsslLinkFlags:$(pkg-config --libs libssl)"
+            )
+
+            sslVer=$(pkg-config --modversion libssl)
+            if [[ $sslVer == 1.1.1* ]]; then
+              extraArgs+=("-d:nimOpenssl111")
+            fi
+          fi
+          ./koch.py test --batch:'${{ matrix.batch }}_${{ matrix.total_batch }}' --tryFailing all "${extraArgs[@]}"
 
       - name: Print all test errors
         if: failure()

diff --git a/lib/pure/net.nim b/lib/pure/net.nim
@@ -772,7 +772,11 @@ when defineSsl:
     ## When name starts with a dot it will be matched by a certificate valid for any subdomain
     when not defined(nimDisableCertificateValidation) and not defined(windows):
       assert socket.isSsl
-      let certificate = socket.sslHandle.SSL_get0_peer_certificate()
+      when not defined(nimOpenssl111):
+        let certificate = socket.sslHandle.SSL_get0_peer_certificate()
+      else:
+        let certificate = socket.sslHandle.SSL_get_peer_certificate()
+        defer: X509_free(certificate)
       if certificate.isNil:
         raiseSSLError("No SSL certificate found.")
 

diff --git a/lib/wrappers/openssl/ssl.nim b/lib/wrappers/openssl/ssl.nim
@@ -220,9 +220,13 @@ proc SSL_get_psk_identity*(ssl: ptr SSL): cstring {.importc, cdecl.}
 proc SSL_get_psk_identity_hint*(ssl: ptr SSL): cstring {.importc, cdecl.}
 proc SSL_get_verify_result*(ssl: ptr SSL): clong {.importc, cdecl.}
 
-proc SSL_get0_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
 proc SSL_get0_verified_chain*(ssl: ptr SSL): ptr STACK_OF[X509] {.importc, cdecl.}
-proc SSL_get1_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+
+when not defined(nimOpenssl111):
+  proc SSL_get0_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+  proc SSL_get1_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+else:
+  proc SSL_get_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
 
 proc SSL_accept*(ssl: ptr SSL): cint {.importc, cdecl.}
 proc SSL_connect*(ssl: ptr SSL): cint {.importc, cdecl.}